Home Network Security & Offensive Security

Target IP: 10.10.10.140 Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via MagentoExplanation: Magento has couple remote code execution vulnerabilities allowing admin account creation and then code execution through admin account Privilege Escalation Vulnerability: sudo vi capabilityExplanation: shell can be obtained through vi Enumeration nmap -p- -A -T4 10.10.10.140 TCP 22: OpenSSH 7.2p2 Ubuntu TCP … Read more

We discussed how to view PDF files more safely a while back. Most of the time we only need to read PDF files. But once in a while, we want to combine pages from different PDF files into a single PDF file. There are quite a bunch of websites that offer merging PDF files online. … Read more

Fact: Simply opening an infected PDF file can get your device compromised. Need: to open PDF files more safely. PDF probably is the most commonly used format to facilitate exchange of electronic copy of documents. We share content using PDFs all over the web, through emails. And we receive our statements, bills, invoices from our providers. … Read more

VM: Jarbas 1Goal: Obtain root shellApproach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Our target: 192.168.172.238 Port Scanning nmap -p- -A 192.168.172.238 Port 22: OpenSSH 7.4Port 80: Apache httpd 2.4.6Port 3306: mysql (MariaDB)port 8080: http (Jetty 9.4.z-SNAPSHOT) Enumeration First browse through the main website which found nothing of interests. All links are … Read more

What happen when your home Internet is down and won't be available for a while? Internet has become part of our daily life. Many of our activities involve Internet access. From gaming, online shopping, banking, searching for information and etc. Simply put, it's really inconvenience and tough when home Internet is not available. I once … Read more

Target IP: 10.10.10.63 Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Jenkins Script ConsoleExplanation: Jenkins management console is available without login and resulted in code execution through the Script Console Privilege Escalation Vulnerability: Weak master password of keepass fileExplanation: keepass is used to store credentials including some administrative credentials. However, weak password is used … Read more

Target IP: 10.10.10.114 Exploitation Summary Initial Exploitation Vulnerability: Security through obscurityExplanation: Credentials are obscured in javascript function within the website. Privilege Escalation Vulnerability: sudo git pullExplanation: hook script for post-merge can be defined to perform code execution as root Enumeration nmap -p- -A -T4 10.10.10.114 TCP 22: OpenSSH 7.6p1 TCP 80: nginx Initial Shell Exploitation … Read more

Target IP: 10.10.10.110 Exploitation Summary Initial Exploitation Vulnerability: Command execution on /api/brew.pyExplanation: The api script is testing ABV parameter to ensure value is less than or equal to 1.0. However eval function is used that allows code injection. Privilege Escalation (user) Vulnerability: critical information stored in gitExplanation: ssh private key is stored in git. Obtaining … Read more

It's a painful, yet wonderful and fun journey in summary. It's full blown practical. You can't just read some books, practice some multiple choice questions and pass the exam. You have to immense yourself in practice, practice and practice. It's roller coaster in emotion. It's frustrating, depressing and humiliating when I get stuck and going … Read more

VM: Dina 1.0.1Goal: acquire root accessApproach: solve without automated exploitation tools Enumeration Target Discovery First locate the IP address of my target: nmap -n -sn 192.168.172.200- Target: 192.168.172.234 Port Scanning nmap -P- -A 192.168.172.234 Ports Service/Banner TCP: 80 Apache 2.2.22 (Ubuntu) Let's look at the website. There's a few folders found by nmap. Then only … Read more

While most devices use Wi-Fi now, I bet most home still have a backbone or small LAN network that uses ethernet cables, especially when you want stable and better bandwidth. Troubleshooting a problem/failing network could be a pain, especially when it works but doesn't work the way it should. A worn out ethernet cable sometimes … Read more

VM: Kioptrix: Level 1Goal: acquire root accessApproach: solve without automated exploitation tools Target discovery First step is to locate the IP address of my target: nmap -n -sn 192.168.172.200-254 found target at 192.168.172.233 Enumeration Target: 192.168.172.233 Now I use nmap to scan through all TCP ports nmap -p- 192.168.172.233 Then do a more detail scan … Read more

VM: Tr0ll: 1Goal: acquire root accessApproach: solve without automated exploitation tools Enumeration Target Discovery First locate the IP address of my target: nmap -n -sn 192.168.172.200- Target: 192.168.172.232 Port Scanning nmap -P- -A 192.168.172.232 Ports Service/Banner TCP: 21 vsftpd 3.0.2 TCP: 22 OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 TCP: 80 Apache 2.4.7 Checkout website Lol, there isn't … Read more

VM: pWnOSGoal: acquire root accessApproach: solve without automated exploitation tools Network IP address fix for VMware If the VM does not obtain an IP address automatically. do the following to fix it: Reset the root passwordlogin to Holynix as rootrun command: rm /etc/udev/rules.d/70-persistent-net.rulesreboot Holynix: shutdown -r 0 After doing this, the VM should obtain an … Read more

Target: 10.10.10.68Goal: Root access Port Scanning nmap -p- -A 10.10.10.68 Port 80/tcp: Apache httpd 2.4.18 Enumeration Directory scan using gobuster gobuster -u http://10.10.10.68/ -w common.txt -s "200,204,301,302,307,401,403" -x "txt,html,php,jsp" First browse around the website and follow the links. Does not find anything of interests. Then I check the folders found by gobuster and notice couple … Read more

Target: 10.10.10.56Goal: Root access Port Scanning nmap -p- -A 10.10.10.56 Port 80/tcp: Apache httpd 2.4.18Port 2222/tcp: SSH (OpenSSH 7.2p2 Ubuntu 4ubuntu2.2) Enumeration Let's look at the website: Only an image. There's no other information or links. Let's use gobuster to see any hidden files or directories: gobuster -u http://10.10.10.56:80/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -e -k -l -s … Read more

VM: Holynix: v1Goal: acquire root accessApproach: solve without automated exploitation tools Network IP address fix When I start the Holynix virtual machine using VMware Workstation 15 Player, the VM does not obtain an IP address automatically. I did the following to fix this issue: Reset the root passwordlogin to Holynix as rootrun command: rm /etc/udev/rules.d/70-persistent-net.rulesreboot … Read more

Reset Linux root password is not hard if you have physical access to the Linux box. All you need is Kali live CD (or other Linux live CD). This guide will show you how to reset Linux root password on VMware Linux virtual machine. But it's exactly the same process on a physical Linux box. … Read more

VM: LAMPSecurity: CTF5Goal: Gain root accessApproach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.240 Port 22: OpenSSH 4.7Port 25: SMTPPort 80: Apache httpd 2.2.6Port 110: pop3 ipop3d 2006k.101Port 111: RPC #100000Port 139: Samba smbd 3.X – 4.X (workgroup: MYGROUP)Port 143: University of Washington IMAP imapd 2006k.396Port 445: … Read more

IMPORTANT: installing custom firmware always pose risk of bricking your device. Do it at your own risk. This guide will show you how to use custom firmware Tomato by Shibby on Asus RT-N66U as a wireless access point (WAP) to setup multiple Wi-Fi VLANs. This is an alternate method of setting up Wi-Fi subnets of … Read more